<?php

if(count($_FILES)>0)
{
	$uploaddir = './download/';
	$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

	
	if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) 
	{
    	echo "File is valid, and was successfully uploaded.\n";
	} 
	else 
	{
    	echo "Possible file upload attack!\n";
	}	
}

?>

<form action="upload.php" method="post" enctype="multipart/form-data">
<input type="file"  name="userfile" />
<input type="submit" value="Upload" />
</form>
